Should open-source repositories block nations under U.S. sanctions?

Arabcrunch has accused major open-source repository SourceForge of blocking all access to software projects it hosts for anyone in Syria, Sudan, Iran, North Korea and Cuba.

Not surprisingly, this policy comes in for a fair amount of ridicule over there. Filtering out the political rhetoric, and the main point is: Either open source is "open" or it's not.

SourceForge defenders note that the issue is likely not SourceForge's own political leanings but their apparent desire to comply with U.S. export laws.

I've got a call into someone at SourceForge parent GeekNet for clarification. But SourceForge's current terms of service do state: "Users residing in countries on the United States Office of Foreign Assets Control sanction list, including Cuba, Iran, North Korea, Sudan and Syria, may not post Content to, or access Content available through, SourceForge.net."

I don't know whether that's new, it's always been there but enforcement was stepped up, or in fact there hasn't been any serious enforcement despite claims otherwise. (Arabcrunch says that enforcement changed from just blocking people in those countries from contributing to open-source projects to blocking their ability to download.) Update: SourceForge acknowledged the issue in a blog post, stating that they regret the impact on people with no malicious intent, but "until either the designated governments alter the practices that got them on the sanctions list, or the US governmentÂ’s policies change, the situation must remain as it is."

I do understand the need for U.S. law to control access to advanced software tools in areas deemed hostile to American interests, as well as to enforce certain sanctions. However, there's a fundamental difference between commercial products and open-source software hosted on a repository based in the U.S.

Yes, someone can make copies of commercial software and send it to people in nations where it's not supposed to go. However, that's illegal; and many vendors of high-end software have measures in place to try to prevent piracy. Granted, those efforts have had limited success. But, put another way: A legitimate site in, say, Canada or Denmark couldn't take such software and post it for others to download.

Open-source software, on the other hand, by definition can be freely copied and shared. What's the point of blocking access to code that anyone can legally copy and post anywhere else they want?

Yes, a policy to limit access makes a statement. It makes it harder for those in sanctioned countries to benefit from the work of Americans (and others). It creates some aggravation for those who might actually be involved in malicious activities However, this policy also generates ill will among ordinary technical professionals in those nations, encourages open-source collaborative repositories to move offshore yet won't actualy achieve the desired objective of limiting access to this software.

Who in Iran is more likely to be able to, say, travel across a border to get access to the software they need? Developers working on projects backed by Iran's repressive government or Iranian pro-democracy advocates?

As far as I can tell, the only way to stop people in nations under U.S. sanctions from having access to American-authored open-source software projects is to prevent Americans from participating in the open-source movement at all. And that would be a mistake of epic proportions.

Sharon Machlis is online managing editor at Computerworld. You can follow her on Twitter @sharon000, send her e-mail at smachlis@computerworld.com or subscribe to her RSS feeds:
articles | blogs .

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies